1302429 – dovecot pigeonhole plugin crashes on body part matches

Bug 1302429 - dovecot pigeonhole plugin crashes on body part matches

Summary: dovecot pigeonhole plugin crashes on body part matches

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	dovecot
Sub Component:
Version:	23
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Michal Hlavinka
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-01-27 21:06 UTC by Scott Shambarger
Modified:	2016-02-17 04:21 UTC (History)
CC List:	2 users (show)
Fixed In Version:	dovecot-2.2.21-2.fc23 dovecot-2.2.21-2.fc22
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-02-17 03:57:45 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Scott Shambarger 2016-01-27 21:06:52 UTC

Description of problem:
dovecot-pigeonhole 0.4.10 crashes when sieve matches against some extracted body parts... maillog contains:

dovecot: lda(xxx): Panic: file str.c: line 22 (str_new_const): assertion failed: (str[len] == '\0')
dovecot: lda(xxx): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x827c2) [0x7f274a5cd7c2] -> /usr/lib64/dovecot/libdovecot.so.0(+0x8287a) [0x7f274a5cd87a] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f274a574b01] -> /usr/lib64/dovecot/libdovecot.so.0(+0xa9468) [0x7f274a5f4468] -> /usr/lib64/dovecot/libdovecot-sieve.so.0(+0x61ddc) [0x7f2749919ddc] -> /usr/lib64/dovecot/libdovecot-sieve.so.0(sieve_match+0xf1) [0x7f27499002e1] -> /usr/lib64/dovecot/libdovecot-sieve.so.0(+0x62685) [0x7f274991a685] -> /usr/lib64/dovecot/libdovecot-sieve.so.0(sieve_interpreter_continue+0x7c) [0x7f27498f70ec] -> /usr/lib64/dovecot/libdovecot-sieve.so.0(sieve_interpreter_run+0x2b) [0x7f27498f730b] -> /usr/lib64/dovecot/libdovecot-sieve.so.0(+0x52690) [0x7f274990a690] -> /usr/lib64/dovecot/libdovecot-sieve.so.0(sieve_execute+0x47) [0x7f274990b1f7] -> /usr/lib64/dovecot/lib90_sieve_plugin.so(+0x3b90) [0x7f2749b70b90] -> /usr/lib64/dovecot/libdovecot-lda.so.0(mail_deliver+0x49) [0x7f274ab888e9] -> /usr/libexec/dovecot/dovecot-lda(main+0x666) [0x563025824c16] -> /lib64/libc.so.6(__libc_start_main+0xf0) [0x7f274a1aa580] -> /usr/libexec/dovecot/dovecot-lda(_start+0x29) [0x563025825279]


Version-Release number of selected component (if applicable):
dovecot-pigeonhole-2.2.21-1.fc23.x86_64

How reproducible:
Some body parts extraction results in a corrupt part_list structure used in  sieve 'body :text :contains "somestring"' matches

Full debuginfo trace for reference:
#0  0x00007f283bdf4a98 in raise () from /lib64/libc.so.6
#1  0x00007f283bdf669a in abort () from /lib64/libc.so.6
#2  0x00007f283c2037ba in default_fatal_finish (type=LOG_TYPE_PANIC, status=status@entry=0) at failures.c:201
#3  0x00007f283c20387a in i_syslog_fatal_handler (ctx=0x7ffe63694f20, format=<optimized out>, args=<optimized out>)
    at failures.c:418
#4  0x00007f283c1aab01 in i_panic (
    format=format@entry=0x7f283c231d38 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:275
#5  0x00007f283c22a468 in str_new_const (pool=<optimized out>, str=<optimized out>, len=<optimized out>)
    at str.c:22
#6  0x00007f283b54fddc in ext_body_stringlist_next_item (_strlist=0x5638b7543928, str_r=0x7ffe63695070)
    at ext-body-common.c:89
#7  0x00007f283b5362e1 in sieve_stringlist_next_item (str_r=0x7ffe63695070, strlist=0x5638b7543928)
    at sieve-stringlist.h:44
#8  sieve_match (renv=renv@entry=0x5638b7587e98, mcht=mcht@entry=0x7ffe63695120, cmp=cmp@entry=0x7ffe63695100, 
    value_list=0x5638b7543928, key_list=0x5638b75438e0, exec_status=exec_status@entry=0x7ffe636950dc)
    at sieve-match.c:181
#9  0x00007f283b550685 in ext_body_operation_execute (renv=0x5638b7587e98, address=<optimized out>)
    at tst-body.c:381
#10 0x00007f283b52d0ec in sieve_interpreter_operation_execute (interp=0x5638b7587e40) at sieve-interpreter.c:870
#11 sieve_interpreter_continue (interp=interp@entry=0x5638b7587e40, interrupted=interrupted@entry=0x0)
    at sieve-interpreter.c:908
#12 0x00007f283b52d2da in sieve_interpreter_start (interp=interp@entry=0x5638b7587e40, result=<optimized out>, 
    interrupted=interrupted@entry=0x0) at sieve-interpreter.c:939
#13 0x00007f283b52d30b in sieve_interpreter_run (interp=0x5638b7587e40, result=0x5638b7588e50)
    at sieve-interpreter.c:950
#14 0x00007f283b540690 in sieve_run (sbin=0x5638b7583620, result=result@entry=0x7ffe63695240, 
    msgdata=0x7ffe63695330, senv=0x7ffe63695410, ehandler=ehandler@entry=0x5638b7573c80, flags=<optimized out>)
    at sieve.c:341
#15 0x00007f283b5411f7 in sieve_execute (sbin=<optimized out>, msgdata=<optimized out>, senv=<optimized out>, 
    exec_ehandler=exec_ehandler@entry=0x5638b7573c80, action_ehandler=0x5638b7587630, 
    flags=flags@entry=SIEVE_RUNTIME_FLAG_NOGLOBAL, keep=0x0) at sieve.c:550
#16 0x00007f283b7a6b90 in lda_sieve_singlescript_execute (srctx=0x7ffe636953a0) at lda-sieve-plugin.c:451
#17 lda_sieve_execute (storage_r=0x7ffe63695580, srctx=0x7ffe636953a0) at lda-sieve-plugin.c:867
#18 lda_sieve_deliver_mail (mdctx=<optimized out>, storage_r=0x7ffe63695580) at lda-sieve-plugin.c:928
#19 0x00007f283c7be8e9 in mail_deliver (ctx=0x7ffe636955c0, storage_r=0x7ffe63695580) at mail-deliver.c:440
#20 0x00005638b62e7c16 in main (argc=1, argv=0x5638b7549390) at main.c:440

Found in "Pigeonhole v0.4.11 for Dovecot v2.2.21" changelog:

- Several fixes in message body part handling:
  - Fixed assert failure occurring when text extraction is attempted on
    an empty or broken text part.
  - Fixed assert failure in handling of body parts that are converted
    to text.

I rebuilt dovecot with the upstream pigeonhole 0.4.11, and the bug does not re-occur.

Comment 1 Fedora Update System 2016-01-29 14:50:43 UTC

dovecot-2.2.21-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-573fde9db4

Comment 2 Fedora Update System 2016-01-29 14:50:43 UTC

dovecot-2.2.21-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f43b13b3dd

Comment 3 Scott Shambarger 2016-01-29 15:22:57 UTC

Installed the updated package in place of my build, and generally works and bug is fixed.  Thanks.

Comment 4 Fedora Update System 2016-01-30 19:21:51 UTC

dovecot-2.2.21-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f43b13b3dd

Comment 5 Fedora Update System 2016-01-30 19:55:42 UTC

dovecot-2.2.21-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-573fde9db4

Comment 6 Fedora Update System 2016-02-17 03:57:43 UTC

dovecot-2.2.21-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2016-02-17 04:21:28 UTC

dovecot-2.2.21-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.